pass in all
pass in from any to any no state
pass in proto tcp from any port <= 1024 to any label foo_bar
pass in proto tcp from any to any port = 25
pass in proto tcp from 10.0.0.0/8 port > 1024 to ! 10.1.2.3 port != 22
pass in proto igmp from 10.0.0.0/8 to 10.1.1.1 allow-opts
pass in proto tcp from { 1.2.3.4, 1.2.3.5 } to any label \
"$nr:$proto:$srcaddr:$srcport:$dstaddr:$dstport"
